Depending on the configuration, you are sometimes unable to disable smc in that manner (I believe this is functionality that can be disabled via the management console), so it's good to know about the alternate payloads.

Also, SEP was catching default msfvenom exes, but using the -t option with pslist.exe got around that. Sometimes it's just too easy.

That's funny, I was also on a recent engagement with a similar issue. The client was running SEP with various features enabled. I could get my payload on but the network detection piece would block me each time, and I thought I did try reverse_https as well as others with no luck. I already had credentials at this point so ended up modifying gsecdump and WCE and just used psexec to maneuver around and obtain more credentials. Worked perfectly.

Nice write-up though, thanks. I'm going to take a closer look at this and do some playing around later.